SAML Signature Validation
A SAML Signature is an XML Digital Signature (XMLDSig) just like any other XML digital signature. It can be verified by using Chilkat's XmlDSig class, as shown in this example.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
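CREATE PROCEDURE ChilkatSample
AS
BEGIN
    -- Verifies every XML digital signature found in a SAML document using the
    -- Chilkat.XmlDSig COM object (driven through sp_OA* calls).
    -- Results are reported with PRINT; there is no result set or return value.
    DECLARE @hr int
    DECLARE @iTmp0 int
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.
    DECLARE @dsig int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @dsig OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- Load the XML that carries the signature(s). A sample SAML signature is shown below..
    EXEC @hr = sp_OAMethod @dsig, 'LoadSignature', @success OUT, 'XML xml signature goes here...'
    IF @hr <> 0 OR @success <> 1
    BEGIN
        -- Without this check a failed load falls through with NumSignatures = 0 and
        -- the procedure ends silently, which reads like "nothing to verify".
        EXEC sp_OAGetProperty @dsig, 'LastErrorText', @sTmp0 OUT
        PRINT 'LoadSignature failed: ' + COALESCE(@sTmp0, N'')
        EXEC @hr = sp_OADestroy @dsig
        RETURN
    END

    DECLARE @numSignatures int
    EXEC sp_OAGetProperty @dsig, 'NumSignatures', @numSignatures OUT

    -- Overall verdict. It is only true when at least one signature is present and
    -- is cleared by any signature or reference digest that does not verify.
    DECLARE @allVerified int
    SELECT @allVerified = CASE WHEN @numSignatures > 0 THEN 1 ELSE 0 END
    IF @allVerified = 0
    BEGIN
        PRINT 'No signatures found in document'
    END

    DECLARE @i int
    SELECT @i = 0
    WHILE @i < @numSignatures
    BEGIN
        EXEC sp_OASetProperty @dsig, 'Selector', @i

        -- Passing 0 makes VerifySignature check only the SignatureValue over SignedInfo.
        -- Each reference digest is then checked individually below so that a failure
        -- can be attributed to a specific reference.
        DECLARE @bVerifyRefDigests int
        SELECT @bVerifyRefDigests = 0
        DECLARE @bSignatureVerified int
        -- Reset before the call so a COM error (non-zero @hr) cannot leave a stale 1 behind.
        SELECT @bSignatureVerified = 0
        EXEC @hr = sp_OAMethod @dsig, 'VerifySignature', @bSignatureVerified OUT, @bVerifyRefDigests
        -- Integer-to-string conversion is explicit: 'text' + int makes T-SQL try to
        -- convert the text to int and raises a conversion error at runtime.
        IF @hr = 0 AND @bSignatureVerified = 1
        BEGIN
            PRINT 'Signature ' + CAST(@i + 1 AS varchar(10)) + ' verified'
        END
        ELSE
        BEGIN
            PRINT 'Signature ' + CAST(@i + 1 AS varchar(10)) + ' invalid'
            SELECT @allVerified = 0
        END

        -- Check each of the reference digests separately..
        -- A signature that verifies while a reference digest fails means the signed
        -- content was changed after signing, so it must count as a failure overall.
        DECLARE @numRefDigests int
        EXEC sp_OAGetProperty @dsig, 'NumReferences', @numRefDigests OUT
        DECLARE @j int
        SELECT @j = 0
        WHILE @j < @numRefDigests
        BEGIN
            DECLARE @bDigestVerified int
            SELECT @bDigestVerified = 0
            EXEC @hr = sp_OAMethod @dsig, 'VerifyReferenceDigest', @bDigestVerified OUT, @j
            PRINT 'reference digest ' + CAST(@j + 1 AS varchar(10)) + ' verified = ' + CAST(COALESCE(@bDigestVerified, 0) AS varchar(10))
            IF @hr <> 0 OR COALESCE(@bDigestVerified, 0) <> 1
            BEGIN
                SELECT @allVerified = 0
                EXEC sp_OAGetProperty @dsig, 'RefFailReason', @iTmp0 OUT
                PRINT ' reference digest fail reason: ' + CAST(COALESCE(@iTmp0, 0) AS varchar(10))
            END
            SELECT @j = @j + 1
        END
        SELECT @i = @i + 1
    END

    IF @allVerified = 1
    BEGIN
        PRINT 'All signatures and reference digests verified'
    END
    ELSE
    BEGIN
        PRINT 'Document NOT verified'
    END

    -- NOTE(review): a successful verification shows the document is consistent with
    -- the key material it was checked against; it does not by itself establish that
    -- the signing certificate belongs to the expected identity provider, nor that the
    -- signed element is the one the relying party acts on -- confirm both separately.

    -- --------------------------------------
    -- Here is a sample SAML XML Signature
    --
    --
    -- <?xml version="1.0" encoding="UTF-8"?>
    -- <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="abc123" Version="2.0" IssueInstant="2022-04-01T12:34:56Z" Destination="https://sp.example.com/sso">
    -- <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.com</saml2:Issuer>
    -- <saml2p:Status>
    -- <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    -- </saml2p:Status>
    -- <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="def456" IssueInstant="2022-04-01T12:34:56Z" Version="2.0">
    -- <saml2:Issuer>https://idp.example.com</saml2:Issuer>
    -- <saml2:Subject>
    -- <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    -- </saml2:Subject>
    -- <saml2:Conditions NotBefore="2022-04-01T12:34:56Z" NotOnOrAfter="2022-04-01T13:34:56Z"/>
    -- <saml2:AuthnStatement AuthnInstant="2022-04-01T12:34:56Z">
    -- <saml2:AuthnContext>
    -- <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    -- </saml2:AuthnContext>
    -- </saml2:AuthnStatement>
    -- <!-- Additional assertion content -->
    -- </saml2:Assertion>
    -- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    -- <ds:SignedInfo>
    -- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    -- <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    -- <ds:Reference URI="#abc123">
    -- <ds:Transforms>
    -- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    -- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    -- </ds:Transforms>
    -- <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    -- <ds:DigestValue>q7Zj1w+...+pCsjw=</ds:DigestValue>
    -- </ds:Reference>
    -- <!-- Additional references if present -->
    -- </ds:SignedInfo>
    -- <ds:SignatureValue>
    -- NjIzOWE5ZjA2M2M1...NzUwNzUwNzUwNzUwNzU=
    -- </ds:SignatureValue>
    -- <ds:KeyInfo>
    -- <ds:X509Data>
    -- <ds:X509Certificate>
    -- MIIDgzCCAmugAwIBAg...AgADAA==
    -- </ds:X509Certificate>
    -- </ds:X509Data>
    -- </ds:KeyInfo>
    -- </ds:Signature>
    -- </saml2p:Response>

    -- Release the COM object on the normal path (the early-return path above does the same).
    EXEC @hr = sp_OADestroy @dsig
END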
GO